Merge pull request #79 from vipyrsec/cluster-whitelisting

Add cluster whitelisting instructions to bootstrap
vipyrsec · Sep 1, 2024 · 0621e62 · 0621e62
2 parents eb9e40a + 3c0bee4
commit 0621e62
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/docs/bootstrap.md b/docs/bootstrap.md
@@ -10,6 +10,7 @@ You will need:
   - kubernetes: create, delete
   - If replacing an existing cluster:
     - load_balancer: read, delete
+    - database: read, update
 - `PWD` set to the root of this repo
 - [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl)
 - [`helm`](https://helm.sh/docs/intro/install/)
@@ -41,6 +42,20 @@ for more options. The cluster may take a few minutes to provision.
 
 **Note**: `doctl k8s cluster create` sets the `kubectl` context to the newly created cluster.
 
+## Add the cluster to the database whitelist
+
+I recommend using the DO Control Panel, but it is possible via the CLI as well.
+
+### With CLI
+
+```bash
+databasename=<database-name>
+clustername=<cluster-name>
+
+doctl databases firewalls append $(doctl databases list -o json | jq ".[] | select(.name == \"$databasename\") | .id" -r) \
+  --rule k8s:$(doctl k8s cluster get $clustername --format ID --no-header)
+```
+
 ## Apply `cert-manager` CRDs
 
 ```bash